author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-24 14:16:24 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-04-25 08:06:51 +0200 |
commit | 6efa7e478ed70df1eead6625b3304e17ef964c0a (patch) | |
tree | 59ada31b4f2d7023fcab06a90543e8c580640448 | |
parent | b23ac8712ffa874247368aaeadd02971857e98a3 (diff) | |
download | gnutls-6efa7e478ed70df1eead6625b3304e17ef964c0a.tar.gz |
Added explicit check for the bounds of the generated 'd'.
This is according to FIPS186-4 sec. B.3.1.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/nettle/int/rsa-keygen-fips186.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
index 8ea4f7daa9..b064b455f3 100644
--- a/lib/nettle/int/rsa-keygen-fips186.c
+++ b/lib/nettle/int/rsa-keygen-fips186.c
@@ -357,6 +357,12 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
 goto cleanup;
 }
 
+ /* check whether d > 2^(nlen/2) -- FIPS186-4 5.3.1 */
+ if (mpz_sizeinbase(key->d, 2) < n_size/2) {
+ ret = 0;
+ goto cleanup;
+ }
+
 /* Done! Almost, we must compute the auxillary private values. */
 /* a = d % (p-1) */
 mpz_fdiv_r(key->a, key->d, p1);
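Review bot: The added comparison is off by one against the requirement the comment states: `d > 2^(nlen/2)` means d needs strictly more than nlen/2 bits, but `mpz_sizeinbase(key->d, 2) < n_size/2` still accepts a d with exactly nlen/2 bits (2^(nlen/2-1) <= d < 2^(nlen/2)), which the bound excludes; assuming n_size is the modulus length in bits, the rejection test should be `if (mpz_sizeinbase(key->d, 2) <= n_size/2) {`. The comment cites "FIPS186-4 5.3.1" while the commit message cites sec. B.3.1, which is the appendix that actually states this criterion for d, so one of the two references should be corrected, e.g. `/* check whether d > 2^(nlen/2) -- FIPS186-4 B.3.1 step 3 */`. It is not visible in the hunk what `ret = 0` signals to the caller or whether the caller retries with fresh primes as B.3.1 prescribes rather than reporting an error; a short comment saying which is intended would help. The enclosing function _rsa_generate_fips186_4_keypair starts and ends outside the hunk.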